{"id":5692,"library":"pycrypto","title":"PyCrypto","description":"PyCrypto is a collection of cryptographic modules for Python, providing algorithms like AES, RSA, and hashing functions. Its last release was 2.6.1 in 2013. The library is unmaintained and is considered insecure for modern applications due to known vulnerabilities and lack of updates. Its development has ceased, with `pycryptodome` serving as its actively maintained successor and drop-in replacement.","status":"abandoned","version":"2.6.1","language":"en","source_language":"en","source_url":"https://github.com/dlitz/pycrypto","tags":["cryptography","legacy","abandoned","security-vulnerable"],"install":[{"cmd":"pip install pycrypto","lang":"bash","label":"Basic installation (may fail on modern systems)"}],"dependencies":[],"imports":[{"symbol":"AES","correct":"from Crypto.Cipher import AES"},{"symbol":"RSA","correct":"from Crypto.PublicKey import RSA"},{"symbol":"MD5","correct":"from Crypto.Hash import MD5"},{"note":"The original PyCrypto (v2.6.1) has very limited and problematic Python 3 support, often leading to installation issues or runtime errors. Use `pycryptodome` for Python 3 compatibility.","wrong":"from Crypto.Cipher import AES  # For pycrypto with Python 3","symbol":"Python 3 compatibility","correct":"from Cryptodome.Cipher import AES  # For pycryptodome"}],"quickstart":{"code":"from Crypto.Hash import MD5\nimport os\n\n# Note: PyCrypto is an abandoned library and not recommended for new projects\n# due to security concerns. This example is for illustrative purposes only.\n# For production, use pycryptodome or cryptography.\n\ntry:\n    message = b\"This is a test message to hash.\"\n    \n    # Create an MD5 hash object\n    hasher = MD5.new()\n    hasher.update(message)\n    \n    print(f\"Original message: {message}\")\n    print(f\"MD5 hash (hex): {hasher.hexdigest()}\")\n    \n    # Important security note: MD5 is cryptographically broken and should NOT\n    # be used for security-critical applications like password storage or digital signatures.\n    \nexcept ImportError:\n    print(\"PyCrypto is not installed or unable to import modules. Please ensure 'pip install pycrypto' was successful and check Python version compatibility.\")\nexcept Exception as e:\n    print(f\"An error occurred: {e}\")\n","lang":"python","description":"This quickstart demonstrates how to compute an MD5 hash using PyCrypto. Please be aware that PyCrypto is an unmaintained library with known security vulnerabilities. MD5 itself is cryptographically broken and should not be used for security-critical purposes. For new projects, `pycryptodome` or `cryptography` are recommended secure alternatives."},"warnings":[{"fix":"Migrate to `pycryptodome` (a drop-in replacement with identical API) or `cryptography` for secure, actively maintained cryptographic functionalities.","message":"PyCrypto is not actively maintained and has known security vulnerabilities, including side-channel attacks and issues with various primitives. Its usage is highly discouraged for any new or security-sensitive applications.","severity":"breaking","affected_versions":"All versions, especially 2.6.1"},{"fix":"For Python 3, use `pycryptodome` which is Python 3 native and provides the same API. If forced to use PyCrypto in Python 3, consider specific forks or patched versions, and ensure all necessary build tools are installed.","message":"Official PyCrypto (v2.6.1) has limited and problematic Python 3 support. Installation often fails on modern Python environments and requires system-level build dependencies (like `gcc`, `python-dev`, `build-essential`) that might not be present by default.","severity":"gotcha","affected_versions":"All versions (especially when used with Python 3.x)"},{"fix":"Transition to modern, actively maintained libraries like `pycryptodome` or `cryptography` for current and future projects to ensure security and access to up-to-date cryptographic standards.","message":"PyCrypto is considered an abandoned library; its last release was in 2013. Its APIs are outdated compared to modern cryptographic practices, and it lacks support for newer, more secure algorithms and modes.","severity":"deprecated","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}